symfony
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
Lines changed: 14 additions & 0 deletions b/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
Lines changed: 14 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
Lines changed: 10 additions & 0 deletions b/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
Lines changed: 10 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/encryption.php
Lines changed: 37 additions & 0 deletions b/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/encryption.php
Lines changed: 37 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
Lines changed: 0 additions & 19 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
Lines changed: 0 additions & 19 deletions
diff --git a/‎src/Symfony/Component/Encryption/.gitattributes
Lines changed: 3 additions & 0 deletions b/‎src/Symfony/Component/Encryption/.gitattributes
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Encryption/.gitignore
Lines changed: 3 additions & 0 deletions b/‎src/Symfony/Component/Encryption/.gitignore
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Encryption/AsymmetricEncryptionInterface.php renamed to ‎src/Symfony/Component/Encryption/AsymmetricEncryptionInterface.php
Lines changed: 8 additions & 4 deletions b/‎src/Symfony/Component/Security/Core/Encryption/AsymmetricEncryptionInterface.php renamed to ‎src/Symfony/Component/Encryption/AsymmetricEncryptionInterface.php
Lines changed: 8 additions & 4 deletions
diff --git a/‎src/Symfony/Component/Encryption/CHANGELOG.md
Lines changed: 7 additions & 0 deletions b/‎src/Symfony/Component/Encryption/CHANGELOG.md
Lines changed: 7 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Encryption/Ciphertext.php
Lines changed: 87 additions & 0 deletions b/‎src/Symfony/Component/Encryption/Ciphertext.php
Lines changed: 87 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Encryption/Exception/DecryptionException.php
Lines changed: 27 additions & 0 deletions b/‎src/Symfony/Component/Encryption/Exception/DecryptionException.php
Lines changed: 27 additions & 0 deletions
@@ -22,6 +22,7 @@
 use Symfony\Component\Config\Definition\ConfigurationInterface;
 use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\DependencyInjection\Exception\LogicException;
+use Symfony\Component\Encryption\SymmetricEncryptionInterface;
 use Symfony\Component\Form\Form;
 use Symfony\Component\HttpClient\HttpClient;
 use Symfony\Component\HttpFoundation\Cookie;
@@ -136,6 +137,7 @@ public function getConfigTreeBuilder()
         $this->addSecretsSection($rootNode);
         $this->addNotifierSection($rootNode);
         $this->addRateLimiterSection($rootNode);
+        $this->addEncryptionSection($rootNode);
 
         return $treeBuilder;
     }
@@ -1888,4 +1890,16 @@ private function addRateLimiterSection(ArrayNodeDefinition $rootNode)
             ->end()
         ;
     }
+
+    private function addEncryptionSection(ArrayNodeDefinition $rootNode)
+    {
+        $rootNode
+            ->children()
+                ->arrayNode('encryption')
+                    ->info('esi configuration')
+                    ->{!class_exists(FullStack::class) && interface_exists(SymmetricEncryptionInterface::class) ? 'canBeDisabled' : 'canBeEnabled'}()
+                ->end()
+            ->end()
+        ;
+    }
 }
@@ -405,6 +405,7 @@ public function load(array $configs, ContainerBuilder $container)
         $this->registerAnnotationsConfiguration($config['annotations'], $container, $loader);
         $this->registerPropertyAccessConfiguration($config['property_access'], $container, $loader);
         $this->registerSecretsConfiguration($config['secrets'], $container, $loader);
+        $this->registerEncryptionConfiguration($config['encryption'], $container, $loader);
 
         if ($this->isConfigEnabled($container, $config['serializer'])) {
             if (!class_exists('Symfony\Component\Serializer\Serializer')) {
@@ -597,6 +598,15 @@ private function registerHttpCacheConfiguration(array $config, ContainerBuilder
             ->replaceArgument(3, $options);
     }
 
+    private function registerEncryptionConfiguration(array $config, ContainerBuilder $container, PhpFileLoader $loader)
+    {
+        if (!$this->isConfigEnabled($container, $config)) {
+            return;
+        }
+
+        $loader->load('encryption.php');
+    }
+
     private function registerEsiConfiguration(array $config, ContainerBuilder $container, PhpFileLoader $loader)
     {
         if (!$this->isConfigEnabled($container, $config)) {
 
@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\DependencyInjection\Loader\Configurator;
+
+use phpseclib\Crypt\AES;
+use Symfony\Component\Encryption\AsymmetricEncryptionInterface;
+use Symfony\Component\Encryption\Provider\PhpseclibEncryption;
+use Symfony\Component\Encryption\Provider\SodiumEncryption;
+use Symfony\Component\Encryption\SymmetricEncryptionInterface;
+
+return static function (ContainerConfigurator $container) {
+    $sodiumInstalled = \function_exists('sodium_crypto_box_keypair');
+    $phpseclibInstalled = class_exists(AES::class);
+
+    $container->services()
+
+        ->set('security.encryption.sodium', SodiumEncryption::class)
+            ->args([
+                '%kernel.secret%',
+            ])
+        ->set('security.encryption.phpseclib', PhpseclibEncryption::class)
+            ->args([
+                '%kernel.secret%',
+            ])
+        ->alias(SymmetricEncryptionInterface::class, $phpseclibInstalled && !$sodiumInstalled ? 'security.encryption.phpseclib' : 'security.encryption.sodium')
+        ->alias(AsymmetricEncryptionInterface::class, $phpseclibInstalled && !$sodiumInstalled ? 'security.encryption.phpseclib' : 'security.encryption.sodium')
+        ;
+};
@@ -11,7 +11,6 @@
 
 namespace Symfony\Component\DependencyInjection\Loader\Configurator;
 
-use phpseclib\Crypt\AES;
 use Symfony\Bundle\SecurityBundle\CacheWarmer\ExpressionCacheWarmer;
 use Symfony\Bundle\SecurityBundle\EventListener\FirewallEventBubblingListener;
 use Symfony\Bundle\SecurityBundle\EventListener\FirewallListener;
@@ -37,10 +36,6 @@
 use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoder;
 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
-use Symfony\Component\Security\Core\Encryption\AsymmetricEncryptionInterface;
-use Symfony\Component\Security\Core\Encryption\PhpseclibEncryption;
-use Symfony\Component\Security\Core\Encryption\SodiumEncryption;
-use Symfony\Component\Security\Core\Encryption\SymmetricEncryptionInterface;
 use Symfony\Component\Security\Core\Role\RoleHierarchy;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
 use Symfony\Component\Security\Core\Security;
@@ -63,9 +58,6 @@
         ->set('security.role_hierarchy.roles', [])
     ;
 
-    $sodiumInstalled = \function_exists('sodium_crypto_box_keypair');
-    $phpseclibInstalled = class_exists(AES::class);
-
     $container->services()
         ->set('security.authorization_checker', AuthorizationChecker::class)
             ->public()
@@ -104,17 +96,6 @@
             ])
             ->tag('controller.argument_value_resolver', ['priority' => 40])
 
-        ->set('security.encryption.sodium', SodiumEncryption::class)
-            ->args([
-                '%kernel.secret%',
-            ])
-        ->set('security.encryption.phpseclib', PhpseclibEncryption::class)
-            ->args([
-                '%kernel.secret%',
-            ])
-        ->alias(SymmetricEncryptionInterface::class, $phpseclibInstalled && !$sodiumInstalled ? 'security.encryption.phpseclib' : 'security.encryption.sodium')
-        ->alias(AsymmetricEncryptionInterface::class, $phpseclibInstalled && !$sodiumInstalled ? 'security.encryption.phpseclib' : 'security.encryption.sodium')
-
         // Authentication related services
         ->set('security.authentication.trust_resolver', AuthenticationTrustResolver::class)
 
 
@@ -0,0 +1,3 @@
+/.gitignore export-ignore
+/phpunit.xml.dist export-ignore
+/Tests export-ignore
@@ -0,0 +1,3 @@
+composer.lock
+phpunit.xml
+vendor/
@@ -9,10 +9,11 @@
  * file that was distributed with this source code.
  */
 
-namespace Symfony\Component\Security\Core\Encryption;
+namespace Symfony\Component\Encryption;
 
-use Symfony\Component\Security\Core\Exception\EncryptionException;
-use Symfony\Component\Security\Core\Exception\WrongEncryptionKeyException;
+use Symfony\Component\Encryption\Exception\EncryptionException;
+use Symfony\Component\Encryption\Exception\SignatureVerificationRequiredException;
+use Symfony\Component\Encryption\Exception\UnableToVerifySignatureException;
 
 /**
  * Asymmetric encryption uses a "key pair" ie a public key and a private key. It
@@ -35,6 +36,8 @@ interface AsymmetricEncryptionInterface
      * Don't lose your private key and make sure to keep it a secret.
      *
      * @return array{public: string, private: string}
+     *
+     * @throws EncryptionException
      */
     public function generateKeypair(): array;
 
@@ -62,7 +65,8 @@ public function encrypt(string $message, string $publicKey, ?string $privateKey
      * @param string|null $publicKey  Alice's public key. If a public key is provided, Bob will be sure the message comes from Alice.
      *
      * @throws EncryptionException
-     * @throws WrongEncryptionKeyException When the keys are valid but did not match the message. Either it was the wrong sender/receiver, or the message was tampered with.
+     * @throws UnableToVerifySignatureException       either it was the wrong sender/receiver, or the message was tampered with
+     * @throws SignatureVerificationRequiredException thrown when you passed null as public key but the public key is needed
      */
     public function decrypt(string $message, string $privateKey, ?string $publicKey = null): string;
 }
@@ -0,0 +1,7 @@
+CHANGELOG
+=========
+
+5.3.0
+-----
+
+ * Introduced the component as experimental
@@ -0,0 +1,87 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Encryption;
+
+use Symfony\Component\Encryption\Exception\MalformedCipherException;
+
+/**
+ * A representation of the encrypted message.
+ *
+ * This class is responsible over the payload API.
+ *
+ * @author Tobias Nyholm <tobias.nyholm@gmail.com>
+ *
+ * @experimental in 5.3
+ *
+ * @internal
+ */
+class Ciphertext
+{
+    private $algorithm;
+    private $ciphertext;
+    private $nonce;
+
+    public function __construct(string $algorithm, string $ciphertext, string $nonce)
+    {
+        $this->algorithm = $algorithm;
+        $this->ciphertext = $ciphertext;
+        $this->nonce = $nonce;
+    }
+
+    /**
+     * Take a string representation of the chiphertext and parse it into an object.
+     *
+     * @throws MalformedCipherException
+     */
+    public static function parse(string $ciphertext): self
+    {
+        $parts = explode('.', $ciphertext);
+        if (false === $parts || 3 !== \count($parts)) {
+            throw new MalformedCipherException();
+        }
+
+        [$cipher, $algorithm, $nonce] = $parts;
+        $algorithm = base64_decode($algorithm, true);
+        $ciphertext = base64_decode($cipher, true);
+        $nonce = base64_decode($nonce, true);
+
+        return new self($algorithm, $ciphertext, $nonce);
+    }
+
+    /**
+     * @return string
+     */
+    public function __toString()
+    {
+        return $this->getUrlSafeRepresentation();
+    }
+
+    public function getUrlSafeRepresentation(): string
+    {
+        return sprintf('%s.%s.%s', base64_encode($this->ciphertext), base64_encode($this->algorithm), base64_encode($this->nonce));
+    }
+
+    public function getAlgorithm(): string
+    {
+        return $this->algorithm;
+    }
+
+    public function getCiphertext(): string
+    {
+        return $this->ciphertext;
+    }
+
+    public function getNonce(): string
+    {
+        return $this->nonce;
+    }
+}
@@ -0,0 +1,27 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Encryption\Exception;
+
+/**
+ * Thrown when a message cannot be decrypted.
+ *
+ * @author Tobias Nyholm <tobias.nyholm@gmail.com>
+ *
+ * @experimental in 5.3
+ */
+class DecryptionException extends \RuntimeException implements ExceptionInterface
+{
+    public function __construct($message = null, \Throwable $previous = null)
+    {
+        parent::__construct($message ?? 'Could not decrypt the ciphertext.', 0, $previous);
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+/.gitignore export-ignore`
	`2`	`+/phpunit.xml.dist export-ignore`
	`3`	`+/Tests export-ignore`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+composer.lock`
	`2`	`+phpunit.xml`
	`3`	`+vendor/`